General
-
Target
2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
208KB
-
Sample
230929-vvcalade3x
-
MD5
c099180b9ac8e6014750f1b99faba5ae
-
SHA1
c0d9acecd2f693c129ffbeb5ca0f5adcd0dd6186
-
SHA256
292ed4733505886910099b0ff50cf83999082d9cf73435a7c67fcf2e32092c68
-
SHA512
0b08d57d349b15ecfce1c482c6728364ac8b4fff34418a7f92f3df58db64aa208bd9b14b725540ea01413423e39a257d84512e74669357b301f168511e3fe345
-
SSDEEP
3072:LI6CqRCxffkClZ8Cqn7LQlRw6x+Y3CxT2DtK5jdUfY5:LIDff9D8CcXYRw6MT2DEj
Behavioral task
behavioral1
Sample
2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
100000
http://192.168.88.129:8088/IE9CompatViewList.xml
-
access_type
512
-
host
192.168.88.129,/IE9CompatViewList.xml
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8088
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQbuEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C)
-
watermark
100000
Targets
-
-
Target
2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
208KB
-
MD5
c099180b9ac8e6014750f1b99faba5ae
-
SHA1
c0d9acecd2f693c129ffbeb5ca0f5adcd0dd6186
-
SHA256
292ed4733505886910099b0ff50cf83999082d9cf73435a7c67fcf2e32092c68
-
SHA512
0b08d57d349b15ecfce1c482c6728364ac8b4fff34418a7f92f3df58db64aa208bd9b14b725540ea01413423e39a257d84512e74669357b301f168511e3fe345
-
SSDEEP
3072:LI6CqRCxffkClZ8Cqn7LQlRw6x+Y3CxT2DtK5jdUfY5:LIDff9D8CcXYRw6MT2DEj
Score 3/10